When courier-imap is started for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf files. Because the .cnf files contain the line CN=localhost, but our server is named server1.example.com, the certificates might cause problems when you use TLS connections. To solve this, we delete both certificates...

cd /usr/lib/courier-imap/share rm -f imapd.pem rm -f pop3d.pem

... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:

vi /usr/lib/courier-imap/etc/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /usr/lib/courier-imap/etc/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then we recreate both certificates...

./mkimapdcert ./mkpop3dcert

... and restart courier-authlib and courier-imap:

/etc/init.d/courier-authlib restart /etc/init.d/courier-imap restart

By running

telnet localhost pop3

you can see if your POP3 server is working correctly. It should give back +OK Hello there. (type quit to get back to the Linux shell):

(Of course, it's up to you to decide what should happen with spam and viruses. I decide to accept spam (D_PASS) so that Spam can be filtered in my email client with a simple filter rule (based on the subject that gets rewritten by amavisd-new if it thinks a mail is spam). The allowed actions (D_PASS, D_DISCARD, D_BOUNCE, and D_REJECT) are explained here: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#actions)

6) Change

# ### http://www.clamav.net/
# ['ClamAV-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

to

### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd, or run it under its own
# uid such as clamav, add user clamav to the amavis group, and then add
# AllowSupplementaryGroups to clamd.conf;
# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
# ### http://www.clamav.net/
# ['ClamAV-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

(Make sure you use /tmp/clamd.socket in the ClamAV-clamd stanza instead of /var/run/clamav/clamd.)

amavisd-new is the program that glues together Postfix and SpamAssassin/ClamAV. Postfix passes the mails to amavisd-new which then invokes SpamAssassin and ClamAV to scan the emails. Please have a look at the Spamassassin and ClamAV settings in /etc/amavisd.conf. Of course, you can customize that file a lot more. Feel free to do so, and have a look at the explanations in the original /etc/amavisd.conf file!

Now let's create the system startup links for ClamAV and amavisd-new, update ClamAV's virus signature database, and start both services:

Falko Timme is an experienced Linux administrator and founder of Timme Hosting, a leading nginx business hosting company in Germany. He is one of the most active authors on HowtoForge since 2005 and one of the core developers of ISPConfig since 2000. He has also contributed to the O'Reilly book "Linux System Administration".